Compliance Briefing — December 7, 2023
The Basel Committee’s climate-related disclosure framework sets phased Pillar 3 expectations for banks, demanding board oversight, implementation programs, and DSAR-ready controls over financed emissions, scenario analysis, and risk exposure data.
Executive briefing: The Basel Committee on Banking Supervision (BCBS) published its Pillar 3 climate-related financial disclosures framework, providing internationally consistent guidance for banks to report climate-related risks and exposures beginning with fiscal year 2026 data (for disclosure in 2027) and allowing voluntary early adoption. The framework supplements Basel III disclosure requirements and aligns with the Task Force on Climate-related Financial Disclosures (TCFD), International Sustainability Standards Board (ISSB) standards, and the Financial Stability Board’s transition roadmap. Banks must establish governance, implementation, and DSAR-ready processes to manage granular data on financed emissions, transition plans, scenario analysis, and risk-weighted assets impacted by climate factors.
Governance expectations
The BCBS framework reinforces board accountability for climate risk. Boards must oversee disclosure policies, approve climate risk appetites, and ensure alignment with ICAAP (Internal Capital Adequacy Assessment Process) and recovery planning. Governance structures should integrate climate disclosure oversight with existing risk committees, establishing clear roles for chief risk officers, chief sustainability officers, and data protection officers. Boards should receive regular updates on data quality, DSAR volumes involving climate metrics, and progress toward meeting phased disclosure requirements.
Banks operating across jurisdictions must coordinate governance across subsidiaries to maintain consistent reporting. Document how local management committees implement BCBS guidance, including responsibilities for data sourcing, validation, and DSAR handling. Governance charters should reference applicable regional regulations (e.g., EU Capital Requirements Regulation, UK PRA supervisory statements) and explain how the BCBS framework complements those obligations.
Implementation roadmap
Banks should execute a multi-year implementation program:
- Gap assessment (0–120 days): Compare existing climate disclosures (TCFD, ISSB, EU Pillar 3 templates) with BCBS requirements. Identify data gaps for sectoral exposures, financed emissions, physical risk metrics, and scenario analysis. Map DSAR processes to climate data repositories, ensuring personal data (e.g., borrower information) can be retrieved and redacted appropriately.
- Data architecture design (120–360 days): Build centralized climate data warehouses integrating credit, market, and operational risk systems. Implement data lineage tools, metadata catalogs, and quality checks. Establish processes for collecting borrower emissions, energy usage, and transition plans. For small and medium-sized enterprises lacking data, develop estimation methodologies consistent with BCBS guidance, documenting assumptions for DSAR transparency.
- Modeling and controls (360–720 days): Implement scenario analysis, stress testing, and portfolio alignment tools. Link outputs to risk appetite and capital planning. Ensure internal controls—segregation of duties, validation, and audit trails—are in place. Align with Basel Pillar 3 disclosure templates, including tables for gross carrying amounts, exposure-weighted averages, and sensitivity analysis.
- Disclosure readiness (720 days onward): Prepare narrative and quantitative disclosures, integrate them with financial reporting cycles, and conduct dry runs. Coordinate with assurance providers, regulators, and investors. Validate DSAR processes to confirm they can provide information about how individual customer data contributed to aggregated climate metrics while protecting confidentiality.
Data management, privacy, and DSAR considerations
Climate disclosures rely on extensive borrower and counterparty data, including emissions profiles, geographic locations, and transition plans. Banks must ensure compliance with data protection laws (GDPR, LGPD, CCPA) when processing this information. Conduct data protection impact assessments for climate data warehouses, document lawful bases for processing, and implement access controls. DSAR systems should allow borrowers, counterparties, and employees to request confirmation of processing, access to data, or corrections. Provide explanations of estimation methodologies when precise data is unavailable.
When aggregating data for disclosure, apply anonymization or pseudonymization to protect personal data. Maintain records of how data was aggregated or estimated, enabling DSAR responses that explain the individual’s contribution to portfolios or exposure metrics. For public disclosures referencing counterparties, ensure consent or legal justification exists, and provide DSAR guidance on how individuals can challenge inaccuracies.
Financed emissions and scenario analysis
The framework requires reporting financed emissions for sectors such as energy, manufacturing, and transport, using metrics like absolute emissions, emissions intensity, and alignment with net-zero pathways. Banks should integrate global methodologies such as the Partnership for Carbon Accounting Financials (PCAF) and ensure documentation meets DSAR standards. Provide transparency about data sources, estimation techniques, and uncertainty ranges.
Scenario analysis disclosures must describe methodologies, temperature pathways, time horizons, and impacts on credit, market, and operational risk. Maintain audit trails of model assumptions, calibration data, and governance approvals. When DSARs request information about automated decision-making or risk assessments affecting borrowers, provide explanations of how climate scenarios influence credit decisions and capital allocation.
Risk management integration
The framework links climate disclosures to Pillar 2 risk management. Banks must show how climate risks are integrated into governance, risk appetite, strategy, and risk management processes. Document how climate risk factors influence underwriting, portfolio limits, collateral valuation, and provisioning. Ensure DSAR processes can explain to customers how their data informs climate risk assessments, including any impacts on pricing or credit availability.
Assurance, internal audit, and supervisory expectations
Banks should plan for internal and external assurance over climate disclosures. Internal audit must test data controls, governance, and DSAR linkages. External auditors or third-party assurance providers may review estimation methodologies and data quality. Maintain evidence repositories with supporting documentation, validation reports, and DSAR logs.
Supervisors will monitor implementation through supervisory review and evaluation processes (SREP). Prepare to provide regulators with detailed information on data sources, controls, and DSAR handling. Engage early with home and host supervisors to clarify expectations and align timelines.
Training and stakeholder engagement
Develop training programs for risk managers, finance teams, sustainability officers, and DSAR staff covering BCBS requirements, data governance, and privacy obligations. Educate frontline bankers on how climate data collection integrates with customer interactions and DSAR rights. Provide board training on climate risk oversight and disclosure duties.
Engage stakeholders—including investors, civil society, and customers—through briefings and disclosures. Explain how the bank will manage transition risks, support sustainable finance, and respect data subject rights. Solicit feedback to refine disclosures and DSAR processes.
Metrics and next steps
Track implementation metrics: percentage of portfolios with emissions data coverage, completeness of scenario analysis, DSAR response times for climate-related requests, and remediation progress for data quality issues. Within six months, finalize gap assessments and governance structures. Within 12 months, deploy climate data warehouses and begin pilot disclosures. Prior to the 2027 reporting cycle, complete assurance engagements, integrate disclosures into annual reports, and stress-test DSAR operations under peak demand. The BCBS framework provides a global blueprint; banks that execute governance, implementation, and DSAR controls effectively will enhance resilience and investor confidence.




